/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.registry.web.security.authentication.csrf;

import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

import static org.springframework.web.util.WebUtils.getCookie;

/**
 * Cross-Site Request Forgery Mitigation Request Matcher
 */
public class CsrfRequestMatcher implements RequestMatcher {

    @Override
    public boolean matches(final HttpServletRequest request) {
        final boolean matches;

        if (CsrfFilter.DEFAULT_CSRF_MATCHER.matches(request)) {
            // Presence of Request Token Cookie requires invoking the CsrfFilter
            final Cookie requestTokenCookie = getCookie(request, CsrfCookieName.REQUEST_TOKEN.getCookieName());
            matches = requestTokenCookie != null;
        } else {
            matches = false;
        }

        return matches;
    }
}
